IP Skeptic Doctorow Notices a Problem

Last week, Cory Doctorow reported on Boing Boing that Amazon has a growing counterfeit products problem on its hands due to a change in company policy that allows Chinese suppliers to sell direct on the platform, bypassing domestic importers. If accurate, the issue itself is not very surprising. What is surprising is that Doctorow does not acknowledge—at least not in this article—that the counterfeit outbreak he describes is an inevitable result of the anti-IP agenda he has personally supported for years.

At some point, one must toss that copy of The Declaration of the Independence of Cyberspace into the digital dumpster and accept that the internet is not a magical cornucopia whose bounty will flow only so long as it operates beyond the legal limits of the physical world. To the contrary, the virtual increasingly has significant influence on the tangible. Doctorow describes the following:

“In late 2015, there were a spate of warnings about knockoff sex toys on Amazon made from toxic materials that you really didn’t want to stick inside your body. Now this has metastasized into every Amazon category. Sometimes its clothes and other goods that have weird sizing, colors, or poor construction. Sometimes its goods that generate no complaints, but are priced so low that the legit manufacturers can’t compete, and end up pulling out of Amazon or going bust.

Or it can be the worst of both worlds: super-cheap goods that make it impossible for legit manufacturers to compete, coupled with low-quality knockoffs that generate strings of one-star reviews from pissed off customers, meaning that even if the fakes were chased off the service, the sales will never come back.”

Sound familiar? Doctorow observes that Amazon is making money on transactions that may defraud—or even endanger—consumers while simultaneously causing permanent economic harm to legitimate suppliers. Isn’t that what many of us have been saying would happen when IP rights are not enforced online—that the “free culture” fiesta would extend beyond the supposed “harmlessness” of media piracy and eventually manifest as physical goods that can maim, poison, or kill people? Or at least just rip them off?

Unfortunately, the broader battle over IP protection on internet platforms has been distorted by a naive belief in the harmlessness of pirating entertainment media and the assumption that IP only serves the big conglomerates who produce those works. This feeds a sense that IP in general is just a “protectionist” regime for entrenched corporations to slow innovation. When it comes to physical goods, though, suddenly people begin to notice that protecting IP happens to protect consumers. This is why for instance trademark infringement is not a minor transgression. The knock-off Polo shirt won’t get anyone killed, but the knock-off Graco car seat certainly could; and when one distribution service like Amazon is vying to be the “Everything Store,” the possibility for widespread hazard becomes clear.

Presumably, Amazon will recognize the potential loss of consumer confidence if their counterfeit problem grows. The company could take mitigating measures akin to the effective, anti-fraud practices employed by eBay, which weighed heavily in its favor in a 2002 litigation with Tiffany over fraudulent products being sold on that platform. That Doctorow writes the following, however, is the real hypocrisy that needs to be addressed:

“Amazon is bending over backwards to refund customers who get bad fakes, but either can’t or won’t stem the tide of fakes themselves (I run into counterfeit editions of my books on Amazon all the time). It may be that it’s more profitable to offer refunds to customers who get bad products than it is to police the millions of SKUs that are pouring in now that Chinese industry has a direct pipeline to Amazon’s customers.”

Doctorow is criticizing Amazon for tackling the counterfeit problem one infringement at a time while failing to take broader measures to “police” its own platform to “stem the tide.” Is that not a familiar refrain copyright holders have been singing about mass infringement of their works on platforms like YouTube? I think it is. Either these platforms are under the control of their owners or they’re not. Either we want a digital market that protects suppliers and consumers, or we don’t. And we can’t have the former without shedding this naive premise that the technology itself obviates the need for intellectual property enforcement, or that IP is exclusively a barrier to access, information, or innovative services.

This subject actually refers back to the first article I wrote about any of these issues—one that appeared in December 2011 in Stars & Stripes supporting SOPA/PIPA because of their associated provisions designed to mitigate counterfeit products entering the military supply chain. You remember SOPA, right? Certainly, the cadre of “digital rights” activists won’t let you forget it as they chronically insist that all proposals to protect any kind of IP online are basically SOPA in disguise. (See Guide to Critiquing Copyright in the Digital Age).

Likely, nobody remembers that Tittle II of SOPA contained anti-counterfeiting provisions as did a companion bill to PIPA called the Combatting Military Counterfeits Act, authored by Sheldon Whitehouse (D-RI). These provisions and proposed amendments would not be protecting US consumers from Amazon-purchased counterfeits more than the existing statutes (Title 18) already do, but the bills did go further to protect against certain types of counterfeiting, and both bills expanded the principle that trafficking in counterfeits online poses a serious threat to consumer safety.

As Doctorow’s observations forecast, someone’s eventually going to get hurt. And unfortunately, that’s often what it takes for people to demand any kind of action. Or we could change the conversation before that happens.

Prison for password sharing? Not likely.

After a ruling by the Ninth Circuit Court of Appeals, a number of blogs and articles appeared with headlines announcing that it is now a federal crime if, for instance, your kid uses your Netflix password.  While that kind of headline is good for traffic and buzz, it’s also typically exaggerated and misleading—at least insofar as this recent decision is concerned.

At the heart of the matter is the Computer Fraud and Abuse Act (CFAA), which has been sharply criticized for years by a number of civil liberties advocates who focus on digital-age issues.  The CFAA may also be referred to generically as the anti-hacking law, and there is perhaps legitimate concern that the language in the statute is overly broad and may therefore be abused by a capricious prosecutor to indict people who commit minor offenses (or non-offenses) under a law written to address serious cyber crimes.

The appeals court decision that ignited the recent flurry of headlines, United States v Nosal, concerns David Nosal, a former employee of the executive search firm Korn/Ferry. After being dismissed from the firm, Nosal “convinced some of  his  former  colleagues  who  were  still  working  for Korn/Ferry  to  help  him  start  a  competing  business.  The employees used  their  log-in  credentials  to  download  source lists, names and contact information from a confidential database  on  the  company’s computer,  and  then  transferred  that information to Nosal.”  This is a partial description of facts as stated in the Ninth Circuit’s en banc opinion issued April 2012 in the same case.

There appears to be no dispute in the matter of Nosal’s criminal liability under several other statutes regarding his unauthorized access of Korn/Ferry’s protected data, but the appeal pertaining to CFAA hinges on what critics—and at least some judges—feel is ambiguity over the meaning of “authority” to access a computer.  Because one of Nosal’s former colleagues still had credentials to log into the firm’s computers and because she voluntarily shared those credentials, can Nosal then be charged with violation of CFAA?  Does authority come from the credential holder or the computer owner?  Right there is where civil libertarians and dissenting judges say the ambiguity in the language could jeopardize you and me and every other citizen who voluntarily shares a password with a friend or family member for innocuous access to our personal accounts.  From the EFF

“Nosals colleagues had the authority of an authorized user, the current employee who lent her credentials. Thus, if authoritycan come from the account holderas with a wife who lends her bank credentials to her husband to pay a bill, a college student who uses a parents Hulu or Amazon password, or someone who checks Facebook for a sick friendthen Nosal and his colleagues did not violate the CFAA.”

I wouldn’t call the distinction irrelevant, but neither would I call this case a particularly good reason for everyone to overreact, which has no doubt already happened on social media threads everywhere.  The employee with “authorized” access to Korn/Ferry’s database may well have given her permission to Nosal and others to use her login credentials, but that in itself was a criminal violation and a permission she had no “authority” to grant under any circumstances.  The majority opinion from the court is extensive on this point and argues that its interpretation of “authority” is both clear and consistent with sister circuit court decisions in precedent cases.

Meanwhile, even a very narrow interpretation of “authority” in Nosal’s case is a far cry from comparing these circumstances to the fact that I have a Netflix account which enables up to four devices simultaneous access to the service and that one of these may be used by my college-student son.  That’s what Netflix expects a family to do with an account that allows multi-device access.  Moreover, unlike Nosal’s “inside woman” at Korn/Ferry, I do have authority to give permission to a friend or spouse to log into my Facebook account.  Neither Facebook nor the federal government can mandate that the account holder has to be the individual who types in the credentials—to say nothing of ever proving such evidence—so it seems like gratuitous hyperbole for EFF and other critics to compare these everyday examples to Nosal.  Still, the three-judge panel had one dissenting opinion, which the EFF describes as follows:

“While the majority opinion said that the facts of this case bear little resemblanceto the kind of password sharing that people often do, Judge Reinhardts dissent notes that it fails to provide an explanation of why that is. Using an analogy in which a woman uses her husbands user credentials to access his bank account to pay bills, Judge Reinhardt noted: So long as the wife knows that the bank does not give her permission to access its servers in any manner, she is in the same position as Nosal and his associates.As a result, although the majority says otherwise, the court turned anyone who has ever used someone elses password without the approval of the computer owner into a potential felon.”

Indeed, we may now be a nation of felons, and if this is so, then Congress better get on that.  But the fact that we are all guilty is the first reason we might want to calm down a bit before reacting to those scary headlines and getting in a big sweat about it.  Also, while I lack the credentials to argue with an appeals court judge, I’m going to a little because the wife in Judge Reinhardt’s example does have her husband’s permission to access the bank account, and the husband has the authority to grant her that permission. Judge Reinhardt knows this, though, and his point is that the statute ought to reflect the distinction between this common, family banking example and the Nosal case in which the individual with the credentials did not have “authority” to grant access.  Reinhardt writes the following in his dissenting opinion:

“The majority [opinion] does not provide, nor do I see, a workable line which separates the consensual password sharing in this case from the consensual password sharing of millions of legitimate account holders, which may also be contrary to the policies of system owners. There simply is no limiting principle in the majoritys world of lawful and unlawful password sharing.”

Perhaps Congress will need to review CFAA, but it seems simple enough to observe that “authority” to grant access will be predicated on the relationship between the login credential holder and the data being accessed. Korn/Ferry owns 100% of the data on its computer servers, its employees may only access that data under the conditions and permissions of the firm, and this access may be revoked at the sole discretion of the firm without question.  In short, nothing in the database belongs to any of the employee/users, who therefore have no authority ever to share access with anyone. In such a scenario, only the computer owner can have the “authority” to grant access.

This is very different from the relationship between a bank and a customer vis-a-vis one’s own account information pertaining to one’s own money. The bank owns the servers and the systems just like the bank owns the vault, but the customer owns the account information and assets in the account and has full discretion to use the information or assets as he sees fit, while the bank has very restricted authority to access or exploit either the data or the assets under management. Reinhardt’s comparison might be more compelling if the wife in the scenario were cheating on her husband and so gave the login credentials to a dashing third party to drain the bank account so they could run off to the Caribbean together.  In this soap opera, could said dashing third party (DTP) be indicted under CFAA in addition to other criminal charges? Arguably, the wife had more authority to grant access to the DTP than the Korn/Ferry employee had to grant access to Nosal, so I imagine CFAA would be an over-reach in this situation.

In the case of a Facebook account, the “ownership” question remains a bit vague. Many social media companies lay claim in their Terms of Service to “ownership” of every word and image we share on their platforms, but does that make these companies the “owners” of the data in the same way that Korn/Ferry owns its data?  I would argue it does not, especially since none of our shared social media data can be called “private” or Facebook’s “trade secrets.” As with the banking example, a social media account involves a shared “authority” to access based on the relationship between the data and the account holder; and this would seem to void any assumed violation of CFAA.  Regardless, it will likely be years before these questions are officially resolved, but I wouldn’t lose years of sleep in the meantime worrying about felony charges for common password sharing.

What Went Down at the DOJ 

“… last week a former Google lawyer at the DOJ anti-trust division against the recommendation of the US Copyright Office rammed through a 100% licensing rule that effectively brings the last of the “free” songwriters under the consent decree.”  

David Lowery at The Trichordist

“The Department of Justice’s position is arrogance at its worst. The decision fails to address the vitally important issue of terminating or reforming outdated consent decrees, and instead broadly expands its interpretation of existing consent decrees.”

— Rep. Doug Collins (R-GA) —

“… the consent decrees were put in place before the transistor radio was invented. They were never meant to, nor could they envision, existing in a world of iPhones, streaming and instant access to practically all music. Unfortunately, the DoJ went the opposite direction and chose the outcome most harmful to songwriters and the creative community.” 

— David Israelite, President & CEO, National Music Publishers Association —

The internet and tech industries like to evangelize a message that creators’ rights laws are “outdated” because they supposedly stand in the way of innovation and competition.  Of course, if a truly outdated law benefits their bottom line or their business models, then they’re only too happy to promote a message that the status quo must be preserved in the name of competition and innovation.  For instance, rights holders would like to see reform to the 1998 DMCA, while OSPs generally want the law to remain as obsolete and ineffective as it is.  But this general hypocrisy may be best dramatized by efforts to entrench the WWII-era federal consent decrees governing music composition and songwriting.

If only a songwriter could buy food and housing at 1940s prices, maybe this rate structure that now earns pennies on the dollar for millions of streaming plays could somehow be justified.  Instead, composers and songwriters remain shackled to a federal, Rate Court system that began when “Boogie Woogie Bugle Boy” was a new hit—one that could never have anticipated the holistic transformation to the music market produced by innovations like digital streaming. For the past few years, the songwriters and composers have been seeking reform to these licensing regimes in order to adapt pricing regimes that reflect the realities of the new market.  That’s how augmenting legal systems is supposed to work.  But on July 1—just in time for Independence Day as David Lowery pointed out—the Department of Justice recommended that American songwriters weren’t quite hampered enough by their rusty handcuffs. (Remember:  this is about regulating songwriters and composers — not weapons, automobile, or chemical manufacturers.)

Deputy Assistant Attorney General Renata B. Hesse, a former Google lawyer, issued two key recommendations.  The first is that any of the performance rights organizations PROs — ASCAP, BMI, or SESAC—must license 100% of a song for public performance no matter what percentage of the song the PRO legitimately represents.  Historically, when songwriters collaborate who are signatories to different PROs (which has happened thousands of times to produce songs you love), the associated PROs co-manage the rights so that all parties receive royalties accordingly.  On this matter, music attorney and blogger Chris Castle writes …

“… the [Obama] Administration has to ignore the implications to international trade, replace a voluntary licensing doctrine with a government mandate, ignore written agreements between generations of songwriters, and impose untold transaction costs on songwriters without requiring an increase in royalty rates to permit cost recovery.”

The second recommendation from Hesse is to reject songwriters’ and composers’ requests to withdraw their individual catalogs from digital licensing in order to negotiate fair market rates with services like Spotify, Apple Music, or Google.  This independent negotiation already occurs between the digital service providers and labels and artists who are not signatories to the PROs bound by the WWII-era consent decrees.

The real hypocrisy in this recommendation is that the DOJ is rejecting fair market negotiation for one class of artists on the grounds that such a ruling would be necessary to maintain the antitrust rationale for consent decrees in the first place.  But not only is Hesse looking at the 21st century market through an early 20th century lens (the largest PRO, ASCAP, was formed in 1914), but she is failing even to consider that the companies we now need the government to regulate are Apple, Google, Spotify, et al.  It cannot possibly be news to Hesse or anyone else at Justice that the titans of Silicon Valley are the new prospective monopolists of our times.  On the other hand, Chris Castle pulls no punches here when he argues that Hesse is in violation of Obama’s own Executive Order on Ethics because she is “working on antitrust matters for the benefit of Google, her former client.”

Organizations like Public Knowledge that support the recommendations by the DOJ, say that Hesse has acted properly in the service of the public interest.  Arguing that consolidation in the music publishing industry leads to monopolistic control of large catalogs, Raza Panjwani, Policy Council at PK, writes …

“… it’s refreshing to see that, based on reports, it appears that the Department of Justice is once again demonstrating that robust enforcement of antitrust law in the United States can play an integral role in preventing anticompetitive behavior, whether that’s the development of cable monopolies, price fixing in the ebook market, or collusion in an increasingly concentrated music publishing market. In each case, the ultimate winner is the public.”

I have to say, when I look at the many challenges in the world, I’m glad Public Knowledge is there to protect us from the caprice of songwriters.  I know that’s sarcastic, but seriously?  I think we have to admit that consolidation continues in every sector of the American economy and that the major internet players are only accelerating this phenomenon while paying lip service to the virtues of competition. Meanwhile, what sector more than music has been so dramatically warped by black-market forces that pegged the “natural price” for a song at zero?  To pretend that piracy is not still a bargaining chip for legal streaming services when negotiating with songwriters—if the DOJ would be so kind as to let them negotiate—is a disingenuous assessment of the market.

As is typical of our increasingly short-sighted business culture, the DOJ also fails to recognize that its recommendations are self-defeating—that they would act as disincentives to produce, collaborate, and innovate within this community of artists. Just like her former client, it seems that Hesse is too narrowly focused on the exploitation of existing works while failing to imagine the works that may (or may not) be produced in the future.  As such, her recommendations are unfortunately consistent with the digital market’s tendency to cannibalize older investments rather than to support newer ones. Yes, that’s an oversimplification, and the digital market continues to evolve.  But if history teaches us anything, it’s that the new, disruptive companies quickly become the new dominant forces—as willing and able as any to engage in non-competitive practices or to exploit suppliers.  As such, the DOJ’s recommendation to tighten these 75-year-old regulatory bonds on one class of independent (and often invisible) artists seems far less likely to foster competition than they are to further subsidize the free ride for America’s billionaires.